T22SBC

Browser windows won't stop opening

4 posts in this topic

The problem is the following: as soon as I turn on the PC, windows of the default browser start opening nonstop (I switched between IE 7 (the one that came with Windows Vista), the IE 8 beta, which I am using as the default at the moment, and Google Chrome, which I use from time to time, thinking it was a browser problem, but I now believe it is not).

- Detail 1: Besides not needing to do anything for this to happen (it happens out of the blue and I don't know why), if I press Ctrl, Del, the quote key (the one below the Esc key), or the dash that comes after the 0 key, a browser window also opens.

- Detail 2: I use the Avira antivirus, free version, but I have already alternated with Avast 4.8; that one indicated a hidden process in memory and recommended a boot-time scan on the next restart, but that boot-time scan detected nothing. I use Malwarebytes in safe mode and it finds nothing. When I use HijackThis, I submit its log for analysis on the Hijackthis.de site, and it shows all my registry entries as clean.

I made a log with ComboFix in safe mode; if anyone knows how I should proceed from here, I would be grateful ^_^



Ah! Sorry!

I just registered and had a look at some topics to see if I could find someone with the same problem as mine, but at first I didn't find any, so I created this one. If there is already a topic with an identical problem, just tell me and delete this one, ok?


Hello, T22SBC. Welcome to the LD forum! :)

I suppose the problem is malware. First of all, avoid using ComboFix; it is dangerous to use it without supervision. Download HijackThis (Baixaki) and post the log in this section of the forum: http://www.linhadefensiva.org/forum/index.php?showforum=11 . Please do not post logs in this topic.

Good luck, and all the best! :legal:
